diff options
author | Matus Fabian <matfabia@cisco.com> | 2018-09-04 03:55:45 -0700 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2018-09-04 17:50:51 +0000 |
commit | 5d28c7afbc0abd172d0053768b2ebe37b7a6c348 (patch) | |
tree | afdef90641a9fc25c9d24e166488e66d3e9049b7 /src/plugins/nat | |
parent | b17cd37bb9c86ea5d8b43efad7ce5b7fc808e528 (diff) |
NAT: add support for configurable port range (VPP-1346)
Change-Id: I6882b6daa05db866fe6e78a62b380ec331507f74
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Diffstat (limited to 'src/plugins/nat')
-rw-r--r-- | src/plugins/nat/nat.api | 55 | ||||
-rwxr-xr-x | src/plugins/nat/nat.c | 84 | ||||
-rw-r--r-- | src/plugins/nat/nat.h | 19 | ||||
-rw-r--r-- | src/plugins/nat/nat44_cli.c | 60 | ||||
-rw-r--r-- | src/plugins/nat/nat_api.c | 95 |
5 files changed, 310 insertions, 3 deletions
diff --git a/src/plugins/nat/nat.api b/src/plugins/nat/nat.api index f1c95b2d65b..1ff288dba2a 100644 --- a/src/plugins/nat/nat.api +++ b/src/plugins/nat/nat.api @@ -277,6 +277,61 @@ define nat_get_timeouts_reply { u32 icmp; }; +/** \brief Set address and port assignment algorithm + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param alg - address and port assignment algorithm: + 0 - default, 1 - MAP-E, 2 - port range + (see nat_addr_and_port_alloc_alg_t in nat.h) + @param psid_offset - number of offset bits (valid only for MAP-E alg) + @param psid_length - length of PSID (valid only for MAP-E alg) + @param psid - Port Set Identifier (PSID) value (valid only for MAP-E alg) + @param start_port - beginning of the port range + @param end_port - end of the port range +*/ +autoreply define nat_set_addr_and_port_alloc_alg { + u32 client_index; + u32 context; + u8 alg; + u8 psid_offset; + u8 psid_length; + u16 psid; + u16 start_port; + u16 end_port; +}; + +/** \brief Get address and port assignment algorithm + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat_get_addr_and_port_alloc_alg { + u32 client_index; + u32 context; +}; + +/** \brief Get address and port assignment algorithm reply + @param context - sender context, to match reply w/ request + @param retval - return code + @param alg - address and port assignment algorithm: + 0 - default, 1 - MAP-E, 2 - port range + (see nat_addr_and_port_alloc_alg_t in nat.h) + @param psid_offset - number of offset bits (valid only for MAP-E alg) + @param psid_length - length of PSID (valid only for MAP-E alg) + @param psid - Port Set Identifier (PSID) value (valid only for MAP-E alg) + @param start_port - beginning of the port range + @param end_port - end of the port range +*/ +define nat_get_addr_and_port_alloc_alg_reply { + u32 context; + i32 retval; + u8 alg; + u8 psid_offset; + u8 psid_length; + u16 psid; + u16 start_port; + u16 end_port; +}; + /* * NAT44 APIs */ diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c index 0ce1a60c976..fe6d6cae82f 100755 --- a/src/plugins/nat/nat.c +++ b/src/plugins/nat/nat.c @@ -2062,6 +2062,7 @@ static clib_error_t * snat_init (vlib_main_t * vm) sm->tcp_transitory_timeout = SNAT_TCP_TRANSITORY_TIMEOUT; sm->icmp_timeout = SNAT_ICMP_TIMEOUT; sm->alloc_addr_and_port = nat_alloc_addr_and_port_default; + sm->addr_and_port_alloc_alg = NAT_ADDR_AND_PORT_ALLOC_ALG_DEFAULT; sm->forwarding_enabled = 0; sm->log_class = vlib_log_register_class ("nat", 0); error_drop_node = vlib_get_node_by_name (vm, (u8 *) "error-drop"); @@ -2466,6 +2467,57 @@ exhausted: return 1; } +static int +nat_alloc_addr_and_port_range (snat_address_t * addresses, + u32 fib_index, + u32 thread_index, + snat_session_key_t * k, + u32 * address_indexp, + u16 port_per_thread, + u32 snat_thread_index) +{ + snat_main_t *sm = &snat_main; + snat_address_t *a = addresses; + u16 portnum, ports; + + ports = sm->end_port - sm->start_port + 1; + + if (!vec_len (addresses)) + goto exhausted; + + switch (k->protocol) + { +#define _(N, i, n, s) \ + case SNAT_PROTOCOL_##N: \ + if (a->busy_##n##_ports < ports) \ + { \ + while (1) \ + { \ + portnum = snat_random_port(sm->start_port, sm->end_port); \ + if (clib_bitmap_get_no_check (a->busy_##n##_port_bitmap, portnum)) \ + continue; \ + clib_bitmap_set_no_check (a->busy_##n##_port_bitmap, portnum, 1); \ + a->busy_##n##_ports++; \ + k->addr = a->addr; \ + k->port = clib_host_to_net_u16 (portnum); \ + *address_indexp = i; \ + return 0; \ + } \ + } \ + break; + foreach_snat_protocol +#undef _ + default: + nat_log_info ("unknown protocol"); + return 1; + } + +exhausted: + /* Totally out of translations to use... */ + snat_ipfix_logging_addresses_exhausted(0); + return 1; +} + void nat44_add_del_address_dpo (ip4_address_t addr, u8 is_add) { @@ -2522,6 +2574,25 @@ format_snat_protocol (u8 * s, va_list * args) return s; } +u8 * +format_nat_addr_and_port_alloc_alg (u8 * s, va_list * args) +{ + u32 i = va_arg (*args, u32); + u8 *t = 0; + + switch (i) + { +#define _(v, N, s) case NAT_ADDR_AND_PORT_ALLOC_ALG_##N: t = (u8 *) s; break; + foreach_nat_addr_and_port_alloc_alg +#undef _ + default: + s = format (s, "unknown"); + return s; + } + s = format (s, "%s", t); + return s; +} + u8 * format_snat_key (u8 * s, va_list * args); u8 * format_static_mapping_key (u8 * s, va_list * args); @@ -3550,6 +3621,7 @@ nat_set_alloc_addr_and_port_mape (u16 psid, u16 psid_offset, u16 psid_length) { snat_main_t *sm = &snat_main; + sm->addr_and_port_alloc_alg = NAT_ADDR_AND_PORT_ALLOC_ALG_MAPE; sm->alloc_addr_and_port = nat_alloc_addr_and_port_mape; sm->psid = psid; sm->psid_offset = psid_offset; @@ -3557,10 +3629,22 @@ nat_set_alloc_addr_and_port_mape (u16 psid, u16 psid_offset, u16 psid_length) } void +nat_set_alloc_addr_and_port_range (u16 start_port, u16 end_port) +{ + snat_main_t *sm = &snat_main; + + sm->addr_and_port_alloc_alg = NAT_ADDR_AND_PORT_ALLOC_ALG_RANGE; + sm->alloc_addr_and_port = nat_alloc_addr_and_port_range; + sm->start_port = start_port; + sm->end_port = end_port; +} + +void nat_set_alloc_addr_and_port_default (void) { snat_main_t *sm = &snat_main; + sm->addr_and_port_alloc_alg = NAT_ADDR_AND_PORT_ALLOC_ALG_DEFAULT; sm->alloc_addr_and_port = nat_alloc_addr_and_port_default; } diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h index 660fb4c2965..d8d0b2a9c4d 100644 --- a/src/plugins/nat/nat.h +++ b/src/plugins/nat/nat.h @@ -96,6 +96,16 @@ typedef struct { }; } snat_user_key_t; +#define foreach_nat_addr_and_port_alloc_alg \ + _(0, DEFAULT, "default") \ + _(1, MAPE, "map-e") \ + _(2, RANGE, "port-range") + +typedef enum { +#define _(v, N, s) NAT_ADDR_AND_PORT_ALLOC_ALG_##N = v, + foreach_nat_addr_and_port_alloc_alg +#undef _ +} nat_addr_and_port_alloc_alg_t; #define foreach_snat_protocol \ _(UDP, 0, udp, "udp") \ @@ -361,10 +371,17 @@ typedef struct snat_main_s { /* Vector of outside addresses */ snat_address_t * addresses; + /* Address and port allocation function */ nat_alloc_out_addr_and_port_function_t *alloc_addr_and_port; + /* Address and port allocation type */ + nat_addr_and_port_alloc_alg_t addr_and_port_alloc_alg; + /* Port set parameters (MAP-E) */ u8 psid_offset; u8 psid_length; u16 psid; + /* Port range parameters */ + u16 start_port; + u16 end_port; /* vector of outside fibs */ nat_outside_fib_t * outside_fibs; @@ -631,6 +648,7 @@ int snat_add_interface_address(snat_main_t *sm, u32 sw_if_index, int is_del, u8 twice_nat); uword unformat_snat_protocol(unformat_input_t * input, va_list * args); u8 * format_snat_protocol(u8 * s, va_list * args); +u8 * format_nat_addr_and_port_alloc_alg(u8 * s, va_list * args); int nat44_add_del_lb_static_mapping (ip4_address_t e_addr, u16 e_port, snat_protocol_t proto, nat44_lb_addr_port_t *locals, u8 is_add, @@ -651,6 +669,7 @@ snat_session_t * nat_ed_session_alloc (snat_main_t *sm, snat_user_t *u, u32 thread_index); void nat_set_alloc_addr_and_port_mape (u16 psid, u16 psid_offset, u16 psid_length); +void nat_set_alloc_addr_and_port_range (u16 start_port, u16 end_port); void nat_set_alloc_addr_and_port_default (void); int nat44_i2o_ed_is_idle_session_cb (clib_bihash_kv_16_8_t *kv, void *arg); int nat44_o2i_ed_is_idle_session_cb (clib_bihash_kv_16_8_t *kv, void *arg); diff --git a/src/plugins/nat/nat44_cli.c b/src/plugins/nat/nat44_cli.c index 3847502ca7e..17a3827dee6 100644 --- a/src/plugins/nat/nat44_cli.c +++ b/src/plugins/nat/nat44_cli.c @@ -214,7 +214,7 @@ nat44_set_alloc_addr_and_port_alg_command_fn (vlib_main_t * vm, unformat_input_t _line_input, *line_input = &_line_input; snat_main_t *sm = &snat_main; clib_error_t *error = 0; - u32 psid, psid_offset, psid_length; + u32 psid, psid_offset, psid_length, port_start, port_end; if (sm->deterministic) return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR); @@ -234,6 +234,20 @@ nat44_set_alloc_addr_and_port_alg_command_fn (vlib_main_t * vm, nat_set_alloc_addr_and_port_mape ((u16) psid, (u16) psid_offset, (u16) psid_length); else + if (unformat + (line_input, "port-range %d - %d", &port_start, &port_end)) + { + if (port_end <= port_start) + { + error = + clib_error_return (0, + "The end-port must be greater than start-port"); + goto done; + } + nat_set_alloc_addr_and_port_range ((u16) port_start, + (u16) port_end); + } + else { error = clib_error_return (0, "unknown input '%U'", format_unformat_error, line_input); @@ -248,6 +262,36 @@ done: }; static clib_error_t * +nat44_show_alloc_addr_and_port_alg_command_fn (vlib_main_t * vm, + unformat_input_t * input, + vlib_cli_command_t * cmd) +{ + snat_main_t *sm = &snat_main; + + if (sm->deterministic) + return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR); + + vlib_cli_output (vm, "NAT address and port: %U", + format_nat_addr_and_port_alloc_alg, + sm->addr_and_port_alloc_alg); + switch (sm->addr_and_port_alloc_alg) + { + case NAT_ADDR_AND_PORT_ALLOC_ALG_MAPE: + vlib_cli_output (vm, " psid %d psid-offset %d psid-len %d", sm->psid, + sm->psid_offset, sm->psid_length); + break; + case NAT_ADDR_AND_PORT_ALLOC_ALG_RANGE: + vlib_cli_output (vm, " start-port %d end-port %d", sm->start_port, + sm->end_port); + break; + default: + break; + } + + return 0; +} + +static clib_error_t * add_address_command_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) { @@ -1634,6 +1678,8 @@ VLIB_CLI_COMMAND (snat_ipfix_logging_enable_disable_command, static) = { * Set address and port assignment algorithm * For the MAP-E CE limit port choice based on PSID use: * vpp# nat addr-port-assignment-alg map-e psid 10 psid-offset 6 psid-len 6 + * For port range use: + * vpp# nat addr-port-assignment-alg port-range <start-port> - <end-port> * To set standard (default) address and port assignment algorithm use: * vpp# nat addr-port-assignment-alg default * @cliexend @@ -1646,6 +1692,18 @@ VLIB_CLI_COMMAND (nat44_set_alloc_addr_and_port_alg_command, static) = { /*? * @cliexpar + * @cliexstart{show nat addr-port-assignment-alg} + * Show address and port assignment algorithm + * @cliexend +?*/ +VLIB_CLI_COMMAND (nat44_show_alloc_addr_and_port_alg_command, static) = { + .path = "show nat addr-port-assignment-alg", + .short_help = "show nat addr-port-assignment-alg", + .function = nat44_show_alloc_addr_and_port_alg_command_fn, +}; + +/*? + * @cliexpar * @cliexstart{show nat44 hash tables} * Show NAT44 hash tables * @cliexend diff --git a/src/plugins/nat/nat_api.c b/src/plugins/nat/nat_api.c index 17009c93561..2994f8001f4 100644 --- a/src/plugins/nat/nat_api.c +++ b/src/plugins/nat/nat_api.c @@ -484,6 +484,95 @@ vl_api_nat_get_timeouts_t_print (vl_api_nat_get_timeouts_t * mp, void *handle) FINISH; } +static void + vl_api_nat_set_addr_and_port_alloc_alg_t_handler + (vl_api_nat_set_addr_and_port_alloc_alg_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_set_addr_and_port_alloc_alg_reply_t *rmp; + int rv = 0; + u16 port_start, port_end; + + if (sm->deterministic) + { + rv = VNET_API_ERROR_UNSUPPORTED; + goto send_reply; + } + + switch (mp->alg) + { + case NAT_ADDR_AND_PORT_ALLOC_ALG_DEFAULT: + nat_set_alloc_addr_and_port_default (); + break; + case NAT_ADDR_AND_PORT_ALLOC_ALG_MAPE: + nat_set_alloc_addr_and_port_mape (ntohs (mp->psid), mp->psid_offset, + mp->psid_length); + break; + case NAT_ADDR_AND_PORT_ALLOC_ALG_RANGE: + port_start = ntohs (mp->start_port); + port_end = ntohs (mp->end_port); + if (port_end <= port_start) + { + rv = VNET_API_ERROR_INVALID_VALUE; + goto send_reply; + } + nat_set_alloc_addr_and_port_range (port_start, port_end); + break; + default: + rv = VNET_API_ERROR_INVALID_VALUE; + break; + } + +send_reply: + REPLY_MACRO (VL_API_NAT_SET_ADDR_AND_PORT_ALLOC_ALG_REPLY); +} + +static void *vl_api_nat_set_addr_and_port_alloc_alg_t_print + (vl_api_nat_set_addr_and_port_alloc_alg_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat_set_addr_and_port_alloc_alg "); + s = format (s, "alg %d psid_offset %d psid_length %d psid %d start_port %d " + "end_port %d\n", + ntohl (mp->alg), ntohl (mp->psid_offset), + ntohl (mp->psid_length), ntohs (mp->psid), + ntohs (mp->start_port), ntohs (mp->end_port)); + + FINISH; +} + +static void + vl_api_nat_get_addr_and_port_alloc_alg_t_handler + (vl_api_nat_get_addr_and_port_alloc_alg_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_get_addr_and_port_alloc_alg_reply_t *rmp; + int rv = 0; + + /* *INDENT-OFF* */ + REPLY_MACRO2 (VL_API_NAT_GET_ADDR_AND_PORT_ALLOC_ALG_REPLY, + ({ + rmp->alg = sm->addr_and_port_alloc_alg; + rmp->psid_offset = sm->psid_offset; + rmp->psid_length = sm->psid_length; + rmp->psid = htons (sm->psid); + rmp->start_port = htons (sm->start_port); + rmp->end_port = htons (sm->end_port); + })) + /* *INDENT-ON* */ +} + +static void *vl_api_nat_get_addr_and_port_alloc_alg_t_print + (vl_api_nat_get_addr_and_port_alloc_alg_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat_get_addr_and_port_alloc_alg"); + + FINISH; +} + /*************/ /*** NAT44 ***/ /*************/ @@ -2990,8 +3079,10 @@ _(NAT_IPFIX_ENABLE_DISABLE, nat_ipfix_enable_disable) \ _(NAT_SET_REASS, nat_set_reass) \ _(NAT_GET_REASS, nat_get_reass) \ _(NAT_REASS_DUMP, nat_reass_dump) \ -_(NAT_SET_TIMEOUTS, nat_set_timeouts) \ -_(NAT_GET_TIMEOUTS, nat_get_timeouts) \ +_(NAT_SET_TIMEOUTS, nat_set_timeouts) \ +_(NAT_GET_TIMEOUTS, nat_get_timeouts) \ +_(NAT_SET_ADDR_AND_PORT_ALLOC_ALG, nat_set_addr_and_port_alloc_alg) \ +_(NAT_GET_ADDR_AND_PORT_ALLOC_ALG, nat_get_addr_and_port_alloc_alg) \ _(NAT44_ADD_DEL_ADDRESS_RANGE, nat44_add_del_address_range) \ _(NAT44_INTERFACE_ADD_DEL_FEATURE, nat44_interface_add_del_feature) \ _(NAT44_ADD_DEL_STATIC_MAPPING, nat44_add_del_static_mapping) \ |